#
# To enable the virus_scan service in c-icap, copy this file into the c-icap
# configuration directory and add the following line at the end of
# the c-icap.conf file:
#       Include virus_scan.conf
#

# Module: virus_scan
# Description:
#	This is an antivirus service for the c-icap ICAP server.
#	This module adds the following log formatting codes for use with
#	the LogFormat configuration parameter:
#	  %{virus_scan:virus}Sa  Prints the virus name or "-".
#	  %{virus_scan:action}Sa Prints "passed" if the object was scanned and
#	                         no virus was found, "blocked" if a virus was
#	                         found and the object was blocked, and
#	                         "partiallyblocked" if a virus was found but
#	                         some of the data had already been transmitted
#	                         to the user.
#	Example:
#	  LogFormat myVScanFmt "%tl, %>a %is %Ib %Ob %huo [Action: %{virus_scan:action}Sa] [Virus: %{virus_scan:virus}Sa]"
#	  acl VSCAN service virus_scan
#	  AccessLog /var/log/c-icap-access-vscan.log myVScanFmt VSCAN
#
# Active logging setup: define the myVScanFmt format, define the VSCAN acl
# (service virus_scan) and write matching requests to a dedicated access log.
# The log path used here differs from the one in the example above.
# NOTE(review): "blocked" and "partiallyblocked" entries are the detection
# record of this service; "partiallyblocked" means part of an infected object
# was already sent to the client. Make sure the log directory exists, is
# writable by the c-icap user, and that this file is rotated and collected.
LogFormat myVScanFmt "%tl, %>a %is %Ib %Ob %huo [Action: %{virus_scan:action}Sa] [Virus: %{virus_scan:virus}Sa]"
acl VSCAN service virus_scan
AccessLog /var/log/c-icap/vscan.log myVScanFmt VSCAN

#	
#	The following additional formatting codes can be used with the service
#	templates (the VIRUS_FOUND, VIR_MODE_HEAD, VIR_MODE_PROGRESS,
#	VIR_MODE_TAIL and VIR_MODE_VIRUS_FOUND templates exist under the c-icap
#	templates directory):
#	  %VVN  The virus name.
#	  %VVV  The Antivirus name/version.
#	  %VU   The HTTP url.
#         %VFR  The downloaded file requested name. For use with virelator mode.
#	  %VFS  Expected http body data size (Content-Length header). For use
#	        with virelator mode.
#	  %VF   The name of the local file where the data is stored. For use
#	        with virelator mode.
#	  %VHS  An HTTP URL to get stored object. For use with virelator mode.
#	        See also the VirHTTPUrl configuration parameter.
#	  %VPR  Profile name (Exist only if virus_scan profiles are enabled).
#
# Example:
#	Service antivirus_module virus_scan.so
#	ServiceAlias  avscan virus_scan?allow204=on&sizelimit=off&mode=simple
#

# Load the virus_scan service:
Service antivirus_module virus_scan.so

# Add the alias srv_clamav to virus_scan for compatibility with the old
# service name:
ServiceAlias srv_clamav virus_scan

# Add the alias avscan for the virus_scan service. It is used by many
# ICAP-based antivirus clients. The alias fixes the service arguments
# allow204=on, sizelimit=off and mode=simple for requests sent to it.
# NOTE(review): sizelimit=off presumably lifts the virus_scan.MaxObjectSize
# limit for this alias only, so avscan and virus_scan/srv_clamav may treat
# large objects differently - confirm against the c-icap-modules
# documentation and make sure clients use the alias with the intended policy.
ServiceAlias  avscan virus_scan?allow204=on&sizelimit=off&mode=simple


# Antivirus module settings

# TAG: virus_scan.ScanFileTypes
# Format: virus_scan.ScanFileTypes type1 [type2] ...
# Description:
#	The list of file types or groups of file types which will be
#	scanned for viruses. For supported types look in the c-icap.magic
#	configuration file.
# Default:
#	None set.
# Per the description above, this list decides what is scanned, so an object
# whose detected type is not listed here is not scanned.
# NOTE(review): the list names MSOFFICE, GIF and JPEG individually; other
# document or media formats are presumably not covered unless they belong to
# one of the listed groups - verify the type/group names against c-icap.magic.
virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE

# The percentage of data to send early if the downloaded file exceeds the
# StartSendPercentDataAfter size.
# TAG: virus_scan.SendPercentData
# Format: virus_scan.SendPercentData percent
# Description:
#	The percentage of data that can be sent by the c-icap server
#	before receiving the complete body of a request.
#	This feature, in conjunction with the following one, can be useful
#	because if the download of the object takes a long time, the
#	connection from the web client to the proxy may expire.
#	Note that the data delivered to the web client in this way may
#	contain a virus or part of a virus and can be dangerous. On the
#	other hand, partial data (for example 5% of a zip or an exe file)
#	in most cases cannot be used.
#	Set it to 0 to disable this feature.
# Default:
#	virus_scan.SendPercentData 0
# NOTE(review): this file enables the feature (5, while the default is 0), so
# up to 5% of an object can reach the client before the scan verdict. Such
# cases are reported as "partiallyblocked" by %{virus_scan:action}Sa; set it
# to 0 if no unscanned bytes may be released.
virus_scan.SendPercentData 5

# TAG: virus_scan.StartSendPercentDataAfter
# Format: virus_scan.StartSendPercentDataAfter bytes
# Description:
#	The percentage of data defined by SendPercentData is sent by the
#	c-icap server before the complete body of the request has been
#	received only if the object is bigger than this size.
# Default:
#	virus_scan.StartSendPercentDataAfter 0
# Set to 2M here; the M suffix presumably means megabytes, as described for
# virus_scan.MaxObjectSize. Smaller objects are held until fully received.
virus_scan.StartSendPercentDataAfter 2M

# TAG: virus_scan.Allow204Responces
# Format: virus_scan.Allow204Responces on|off
# Description:
#	 Disable 204 responses outside previews for virus_scan if
#	 your ICAP client does not support them.
# Default:
#	virus_scan.Allow204Responces on

# TAG: virus_scan.PassOnError
# Format: virus_scan.PassOnError on|off
# Description:
#	Pass the content instead of blocking it when the virus scanner or
#	the virus_scan module encounters an error.
#	The error will be logged nevertheless.
# Default:
#	virus_scan.PassOnError off
# NOTE(review): set to "on" here, i.e. the service fails open (the default
# is off). Any scanner or module error - presumably including an unreachable
# or overloaded clamd - lets the content through unscanned. Keep "on" only as
# a deliberate availability trade-off and alert on the logged errors; use
# "off" to fail closed.
virus_scan.PassOnError on

# The maximum size of an object to be scanned.
# TAG: virus_scan.MaxObjectSize
# Format: virus_scan.MaxObjectSize  Bytes
# Description:
#	The maximum size of files which will be scanned by the
#	antivirus service. You can use the K and M indicators to define the
#	size in kilobytes or megabytes.
# Default:
#	virus_scan.MaxObjectSize  5M
# Raised to 10M here. Per the description above, objects larger than this
# are not scanned.
# NOTE(review): presumably such objects are passed on unscanned rather than
# blocked - confirm, and decide whether oversized downloads should be
# restricted elsewhere (e.g. at the proxy). The avscan alias defined earlier
# in this file uses sizelimit=off, which may bypass this limit.
virus_scan.MaxObjectSize  10M

# TAG: virus_scan.DefaultEngine
# Format: virus_scan.DefaultEngine EngineName1 EngineName2 ...
# Description:
#	 The antivirus engines to use if no engine has been selected using
#	 ICAP service arguments.
#	 The antivirus engines are loaded as external c-icap modules.
#	 Currently the following antivirus engines are available for the
#	 c-icap-modules:
#	 	"clamd" or "clamav"
# Default:
#	None set. The first loaded engine will be used.
# Example:
#	virus_scan.DefaultEngine clamav
# The clamd engine is selected here; this file includes clamd_mod.conf at
# its end, which presumably loads that engine - keep the two in sync.
virus_scan.DefaultEngine clamd

# The following directives are related to an experimental
# mode which I call "viralator like" mode. The virus_scan
# service checks the type of the file and, if it is included in the
# VirScanFileTypes list (see below), downloads the file locally
# and sends the web client messages about the progress
# of the download. After the download has completed it sends a message
# with the web location where the downloaded file is stored.

# TAG: virus_scan.VirSaveDir
# Format: virus_scan.VirSaveDir path
# Description:
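#	The directory where the downloaded files are stored.
#	Must be a directory to which a web server has access.
#	NOTE(review): the files placed here originate from client downloads;
#	the web server should presumably expose this directory as static
#	content only, without script execution or directory listing.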
# Default:
#	No set
# Example:
#	virus_scan.VirSaveDir /srv/www/htdocs/downloads/

# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir)
# TAG: virus_scan.VirHTTPUrl
# Format: virus_scan.VirHTTPUrl URL
# Description:
#	The URL used by the web client to retrieve the
#	downloaded file. The file in which the download is stored
#	can have a different name than the original if a file
#	with the same name already exists in the directory. In the
#	URL, "%f" can be used to specify the real name
#	of the downloaded file.
#	You can use the small CGI program "get_file.pl",
#	which exists in the contrib directory of the c-icap-modules
#	distribution.
# Default:
#	No set
# Example:
#	virus_scan.VirHTTPUrl  "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="

# TAG: virus_scan.VirUpdateTime
# Format: virus_scan.VirUpdateTime seconds
# Description:
#	The interval, in seconds, between the "progress of download"
#	messages.
# Default:
#	virus_scan.VirUpdateTime   15

# TAG: virus_scan.VirScanFileTypes
# Format: virus_scan.VirScanFileTypes type1 type2 ...
# Description:
#	 The list of file types and groups of file types, 
#	 for which this mode must be used.
# Default:
#	None set
# Example:
#	virus_scan.VirScanFileTypes ARCHIVE EXECUTABLE

# Enable one or more antivirus engines. Only the clamd engine configuration
# is included; the clamav one is left commented out.
# NOTE(review): virus_scan.DefaultEngine above names "clamd", and
# virus_scan.PassOnError is "on", so a failure to load or reach this engine
# would presumably result in unscanned traffic rather than blocked traffic -
# monitor the c-icap server log for engine load errors.
Include clamd_mod.conf
#Include clamav_mod.conf

# End module: virus_scan